python - Google Data API: how to do authentication for desktop applications -

i wonder best/easiest way authenticate user google data api in desktop app.

i read through docs , seems options clientlogin or oauth.

for clientlogin, seems have implement ui login/password (and related things saving somewhere etc.) myself. wonder if there more support there may pop default login/password screen , uses os keychain store password, etc. wonder why such support isn't there? wouldn't standard procedure? leaving implementation dev (well, possibility leave impl dev of course), guess many people have come ugly solutions here (when wanted hack small script).

oauth seems better solution. however, there seems code missing and/or code found seems relevant web applications. esp., followed documentation , got here. in introduction, speaks web application. later on, need specify callback url not make sense desktop application. wonder consumer key/secret should put doesn't make sense desktop app (esp. not open-source one). searched bit around , said here (on so) should use "anonymous"/"anonymous" consumer key/secret; in google documentation? , how token after user has authenticated itself?

is there sample code? (not hardcoded username/password reusable full authentication method.)

thanks, albert

---

my code far:

import gdata.gauth import gdata.contacts.client  consumer_key = 'anonymous' consumer_secret = 'anonymous' scopes = [ "https://www.google.com/m8/feeds/" ] # contacts  client = gdata.contacts.client.contactsclient(source='test app')  import basehttpserver import socketserver  handler = basehttpserver.basehttprequesthandler httpd = basehttpserver.httpserver(("", 0), handler) _,port = httpd.server_address  oauth_callback_url = 'http://localhost:%d/get_access_token' % port request_token = client.getoauthtoken(     scopes, oauth_callback_url, consumer_key, consumer_secret=consumer_secret)  loginurl = request_token.generate_authorization_url(google_apps_domain=none) loginurl = str(loginurl) import webbrowser webbrowser.open(loginurl) 

however, not work. error:

sorry, you've reached login page domain isn't using google apps. please check web address , try again.

i don't quite understand that. of course don't use google apps.

---

ah, error came google_apps_domain=none in generate_authorization_url. leave away (i.e. loginurl = request_token.generate_authorization_url() , works far.

my current code:

import gdata.gauth import gdata.contacts.client  consumer_key = 'anonymous' consumer_secret = 'anonymous' scopes = [ "https://www.google.com/m8/feeds/" ] # contacts  client = gdata.contacts.client.contactsclient(source='test app')  import basehttpserver import socketserver  httpd_access_token_callback = none class handler(basehttpserver.basehttprequesthandler):     def do_get(self):         if self.path.startswith("/get_access_token?"):             global httpd_access_token_callback             httpd_access_token_callback = self.path         self.send_response(200)     def log_message(self, format, *args): pass httpd = basehttpserver.httpserver(("", 0), handler) _,port = httpd.server_address  oauth_callback_url = 'http://localhost:%d/get_access_token' % port request_token = client.getoauthtoken(     scopes, oauth_callback_url, consumer_key, consumer_secret=consumer_secret)  loginurl = request_token.generate_authorization_url() loginurl = str(loginurl) print "opening oauth login page ..." import webbrowser; webbrowser.open(loginurl)  print "waiting redirect callback ..." while httpd_access_token_callback == none:     httpd.handle_request()  print "done"  request_token = gdata.gauth.authorizerequesttoken(request_token, httpd_access_token_callback)  # upgrade token , save in user's datastore access_token = client.getaccesstoken(request_token) client.auth_token = access_token 

that open google oauth page hint @ bottom:

this website has not registered google establish secure connection authorization requests. recommend deny access unless trust website.

it still doesn't work, though. when try access contacts (i.e. client.getcontacts()), error:

gdata.client.unauthorized: unauthorized - server responded with: 401, <html> <head> <title>token invalid - authsub token has wrong scope</title> </head> <body bgcolor="#ffffff" text="#000000"> <h1>token invalid - authsub token has wrong scope</h1> <h2>error 401</h2> </body> </html> 

---

ok, seems had set wrong scope. when use http instead of https (i.e. scopes = [ "http://www.google.com/m8/feeds/" ]), works.

but use https. wonder how can that.

---

also, problem solution:

in list of authorized access google account, have bunch of such localhost entries:

localhost:58630 — google contacts [ revoke access ]
localhost:58559 — google contacts [ revoke access ]
localhost:58815 — google contacts [ revoke access ]
localhost:59174 — google contacts [ revoke access ]
localhost:58514 — google contacts [ revoke access ]
localhost:58533 — google contacts [ revoke access ]
localhost:58790 — google contacts [ revoke access ]
localhost:59012 — google contacts [ revoke access ]
localhost:59191 — google contacts [ revoke access ]

i wonder how can avoid make such entries.

when use xoauth_displayname, displays name instead still makes multiple entries (probably because url still different (because of port) each time). how can avoid that?

---

my current code on github.

---

i wonder, where, how , how long should store access token and/or request token user not asked again , again each time when user starts application.

oauth can used in desktop apps well. consumer key , secret 'anonymous' suitable such app.

the user won't authenticate themselves. token provider (google) , authorized user token trusted consumer (your app), google service(s) can accessed , used.

here's python library oauth:

https://github.com/simplegeo/python-oauth2

here's overview on how oauth works:

http://blog.doityourselfandroid.com/2010/11/07/google-oauth-overview/

here's example java explains steps taken oauth authentication:

http://nilvec.com/implementing-client-side-oauth-on-android/

hth.